How I Stopped WordPress Comment Spam

WordPress Comment Spam is a massive pain in the ass and even those of us who like to think we ‘know what we are doing’ have a serious problem with it. On one of the sites I run I was getting anywhere from 10-50 spam comments a day. Now to be clear they are all properly getting flagged as SPAM but I do not want to spend my Sunday afternoon deleting 1,814 spam messages every few weeks if I can help it.

Fortunately for those reading this I have a solution courtesy of Grant Hutchinson that so far is working spot on with ZERO spam messages sitting waiting to be reviewed or deleted. Considering I normally have thousands ( because of the size of the site ) this is a big leap forward to stopping WordPress comment spam.

Update: It has been 24hours and I still have no spam messages, no complaints of comments not going through and more importantly lots of regular comments clearing. So I definitely still give this a thumbs up.

Grant Hutchinson’s fix is quite simply a list of 12,000 phrases, patterns, and keywords commonly used by spammers and comment bots in usernames, email addresses, link text, and URLs. To implement this SPAM stop for WordPress is quite easy, login to your WordPress site, go to Settings  / Discussion and under comment moderation paste this list of phrases/patterns and kiss your wordpress spam comments good bye!

wordpress comment spam

While you are on your comments page I also encourage you to change the comment hold to make sure it holds all comments with 1 link or more. ( See Screenshot ).

So how good does Hutchinson’s WordPress Spam killing phrases and patterns work? From my short-term tests it has worked fantastic  however, Jason Cosper ran a test on a client WordPress site that had 800,000 spam comments and this fix flagged 40% of them as spam. That may not seem that great but 40% of 800,000 is a serious chunk of spam that will get blocked!

Jason then exported the comments and ran them locally through an Akismet filter and there were ZERO False positives. So for those of you weighing whether you should be buying Akismet or just trying out Hutchinson’s fix. I think its clear that his method is well worth trying. Give it a shot and let me know how it works for you!



    1. In the last 24hours I have had no spam. I am about to implement it on a site I work on with over a million uniques a day. That will be the true test 🙂

      I work as a freelance dev building what people say is ‘really cool stuff’ so kudos to you for building something ‘really cool’

  1. Just logged in and had 5 messages pending. 2 were legit but i can see why they were triggered. 3 Made it through that were spam. That is still pretty damn good. 3 spam messages in 48 hours vs my normal 200

    1. Would it be possible to forward me copies of the three spam messages (including the email, url, and comment body). I can use this information to further tweak the blacklist.

      grant _at_ splorp _dot_ com

      1. I will do just that. I did just get 1 which is clearly spam with the subject line ‘g** p*rn’. ( edited for family audience by me ). Otherwise still holding strong.

Leave a Reply

Fill in your details below or click an icon to log in: Logo

You are commenting using your account. Log Out /  Change )

Google+ photo

You are commenting using your Google+ account. Log Out /  Change )

Twitter picture

You are commenting using your Twitter account. Log Out /  Change )

Facebook photo

You are commenting using your Facebook account. Log Out /  Change )


Connecting to %s